packages/jasper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jasper/CVE-2018-18873.patch
jackie_wu f23e4ebb1a fix some cve for jasper
2020-09-17 15:18:49 +08:00

31 lines
892 B
Diff
Raw Blame History

From 12db8078ba17a8ffc5cc2429fb506988f0f11b44 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max.kellermann@gmail.com>
Date: Sun, 28 Jun 2020 13:25:12 +0200
Subject: [PATCH] ras_enc: check components for RGB, fixes NULL pointer
dereference
Fixes CVE-2018-18873
Closes https://github.com/jasper-maint/jasper/issues/15
Closes https://github.com/mdadams/jasper/issues/184
---
src/libjasper/ras/ras_enc.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/libjasper/ras/ras_enc.c b/src/libjasper/ras/ras_enc.c
index 85ff9a3..dc4f151 100644
--- a/src/libjasper/ras/ras_enc.c
+++ b/src/libjasper/ras/ras_enc.c
@@ -232,6 +232,11 @@ static int ras_putdatastd(jas_stream_t *out, ras_hdr_t *hdr, jas_image_t *image,
assert(numcmpts <= 3);
+ if (RAS_ISRGB(hdr) && numcmpts < 3) {
+ /* need 3 components for RGB */
+ return -1;
+ }
+
for (i = 0; i < 3; ++i) {
data[i] = 0;
}
Reference in New Issue View Git Blame Copy Permalink